up

Dockerfile

@@ -3,6 +3,9 @@ FROM rocker/r2u:24.04
 ENV DEBIAN_FRONTEND=noninteractive \
     TZ=Etc/UTC \
     PORT=7860 \
+    ASA_PROXY=socks5h://127.0.0.1:9050 \
+    TOR_CONTROL_PORT=9051 \
+    ASA_TOR_CONTROL_COOKIE=/tmp/tor/control.authcookie \
     RETICULATE_MINICONDA_PATH=/opt/conda \
     RETICULATE_CONDA=/opt/conda/bin/conda \
     RETICULATE_PYTHON=/opt/conda/envs/asa_env/bin/python \
@@ -15,6 +18,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
     curl \
     wget \
     git \
+    tor \
     bzip2 \
     build-essential \
     libcurl4-openssl-dev \
@@ -71,7 +75,8 @@ RUN git clone --depth 1 --branch "${ASA_SOFTWARE_REF}" "${ASA_SOFTWARE_REPO}" /o
 
 WORKDIR /app
 COPY . /app
+RUN chmod +x /app/scripts/start-with-tor.sh
 
 EXPOSE 7860
 
-CMD ["Rscript", "-e", "pr <- plumber::plumb('R/plumber.R'); pr$run(host='0.0.0.0', port=as.integer(Sys.getenv('PORT', '7860')))" ]
+CMD ["/app/scripts/start-with-tor.sh"]

R/asa_api_helpers.R

@@ -48,6 +48,18 @@ asa_api_scalar_num <- function(value, default = NA_real_) {
   }
 }
 
+asa_api_scalar_int <- function(value, default = NA_integer_) {
+  if (is.null(value) || length(value) == 0L) {
+    return(default)
+  }
+  number <- suppressWarnings(as.integer(value[[1]]))
+  if (is.na(number)) {
+    default
+  } else {
+    number
+  }
+}
+
 asa_api_named_list <- function(value) {
   if (is.null(value)) {
     return(list())
@@ -119,6 +131,94 @@ asa_api_apply_env_defaults <- function() {
   }
 }
 
+asa_api_parse_proxy_url <- function(proxy_url) {
+  proxy_url <- trimws(asa_api_scalar_chr(proxy_url, default = ""))
+  if (!nzchar(proxy_url)) {
+    return(NULL)
+  }
+
+  matches <- regexec("^([A-Za-z][A-Za-z0-9+.-]*)://([^/:?#]+):(\\d+)$", proxy_url)
+  parsed <- regmatches(proxy_url, matches)[[1]]
+  if (length(parsed) != 4L) {
+    return(NULL)
+  }
+
+  list(
+    scheme = parsed[[2]],
+    host = parsed[[3]],
+    port = asa_api_scalar_int(parsed[[4]], default = NA_integer_)
+  )
+}
+
+asa_api_port_open <- function(host, port, timeout = 1) {
+  host <- trimws(asa_api_scalar_chr(host, default = ""))
+  port <- asa_api_scalar_int(port, default = NA_integer_)
+  if (!nzchar(host) || is.na(port) || port <= 0L) {
+    return(FALSE)
+  }
+
+  con <- NULL
+  tryCatch(
+    {
+      con <- socketConnection(
+        host = host,
+        port = as.integer(port),
+        open = "r+b",
+        blocking = TRUE,
+        timeout = as.numeric(timeout)
+      )
+      TRUE
+    },
+    error = function(e) FALSE,
+    finally = {
+      if (!is.null(con)) {
+        try(close(con), silent = TRUE)
+      }
+    }
+  )
+}
+
+asa_api_tor_health <- function() {
+  proxy_url <- trimws(Sys.getenv("ASA_PROXY", unset = ""))
+  proxy_info <- asa_api_parse_proxy_url(proxy_url)
+  control_port <- asa_api_scalar_int(Sys.getenv("TOR_CONTROL_PORT", unset = ""), default = NA_integer_)
+  cookie_path <- trimws(Sys.getenv("ASA_TOR_CONTROL_COOKIE", unset = ""))
+
+  tor_enabled <- nzchar(proxy_url)
+  tor_proxy_host <- if (!is.null(proxy_info)) proxy_info$host else NULL
+  tor_proxy_port <- if (!is.null(proxy_info)) proxy_info$port else NULL
+  tor_proxy_port_open <- if (!is.null(proxy_info)) {
+    asa_api_port_open(proxy_info$host, proxy_info$port)
+  } else {
+    FALSE
+  }
+  tor_control_port_open <- if (!is.na(control_port) && control_port > 0L) {
+    asa_api_port_open("127.0.0.1", control_port)
+  } else {
+    FALSE
+  }
+  tor_cookie_present <- nzchar(cookie_path) && file.exists(cookie_path)
+  tor_cookie_readable <- tor_cookie_present && file.access(cookie_path, 4L) == 0
+  tor_ready <- tor_enabled &&
+    isTRUE(tor_proxy_port_open) &&
+    isTRUE(tor_control_port_open) &&
+    isTRUE(tor_cookie_readable)
+
+  list(
+    tor_enabled = tor_enabled,
+    tor_ready = tor_ready,
+    tor_proxy = if (tor_enabled) proxy_url else NULL,
+    tor_proxy_host = tor_proxy_host,
+    tor_proxy_port = tor_proxy_port,
+    tor_proxy_port_open = tor_proxy_port_open,
+    tor_control_port = if (!is.na(control_port) && control_port > 0L) control_port else NULL,
+    tor_control_port_open = tor_control_port_open,
+    tor_cookie_path = if (nzchar(cookie_path)) cookie_path else NULL,
+    tor_cookie_present = tor_cookie_present,
+    tor_cookie_readable = tor_cookie_readable
+  )
+}
+
 asa_api_bootstrap <- function() {
   asa_api_apply_env_defaults()
   if (!requireNamespace("asa", quietly = TRUE)) {
@@ -362,9 +462,11 @@ asa_api_run_batch <- function(payload) {
 asa_api_health_payload <- function(boot_error = NULL) {
   asa_installed <- requireNamespace("asa", quietly = TRUE)
   has_boot_error <- is.character(boot_error) && nzchar(trimws(boot_error))
+  tor_health <- asa_api_tor_health()
+  healthy <- asa_installed && !has_boot_error && (!isTRUE(tor_health$tor_enabled) || isTRUE(tor_health$tor_ready))
 
-  list(
-    status = if (asa_installed && !has_boot_error) "ok" else "degraded",
+  c(list(
+    status = if (healthy) "ok" else "degraded",
     service = "asa-api",
     time_utc = format(Sys.time(), tz = "UTC", usetz = TRUE),
     asa_installed = asa_installed,
@@ -375,5 +477,5 @@ asa_api_health_payload <- function(boot_error = NULL) {
       conda_env = getOption("asa.default_conda_env", "asa_env"),
       use_browser = asa_api_to_bool(Sys.getenv("ASA_USE_BROWSER_DEFAULT", unset = "false"), default = FALSE)
     )
-  )
+  ), tor_health)
 }

README.md

@@ -8,16 +8,17 @@ pinned: false
 license: mit
 ---
 
-# asa-api (Hugging Face Space)
+# asa-api (Self-Hosted Docker + Tor)
 
-`asa-api` is a Docker-based API + GUI wrapper around [`asa::run_task()`](https://github.com/cjerzak/asa-software) designed for deployment as a Hugging Face Space.
+`asa-api` is a self-hosted Docker API + GUI wrapper around [`asa::run_task()`](https://github.com/cjerzak/asa-software).
 
 It uses:
 - `R` + `plumber` for HTTP endpoints
 - The `asa` package for orchestration (`run_task`, `run_task_batch`)
 - A lightweight password-protected browser GUI at `/`
+- A local Tor daemon for search/web egress inside the container
 
-## What This Space Exposes
+## What This Service Exposes
 
 1. `GET /healthz`
 2. `POST /v1/run` for a single prompt
@@ -35,9 +36,9 @@ It uses:
 - GUI auth is password-based:
   - `/gui/query` checks `GUI_PASSWORD` 
 
-## Required / Recommended HF Space Secrets
+## Required Environment Variables
 
-Set these in the Hugging Face Space (`Settings` -> `Variables and secrets`):
+Set these when running the container:
 
 - `GOOGLE_API_KEY` (or the provider key you use)
 - `GUI_PASSWORD`
@@ -48,7 +49,7 @@ Optional secrets / vars:
 - `ASA_DEFAULT_BACKEND` (defaults to `gemini` if unset; examples: `openai`, `groq`, `anthropic`, `gemini`, `openrouter`)
 - `ASA_DEFAULT_MODEL` (example: `gemini-2.5-flash`)
 - `ASA_CONDA_ENV` (default: `asa_env`)
-- `ASA_USE_BROWSER_DEFAULT` (default: `false`, recommended for Space stability)
+- `ASA_USE_BROWSER_DEFAULT` (default: `false`, recommended for container stability)
 - `CORS_ALLOW_ORIGIN` (default: `*`)
 
 Provider-specific keys supported by `asa` include:
@@ -65,13 +66,13 @@ Provider-specific keys supported by `asa` include:
 ### 1) Health check
 
 ```bash
-curl -s https://<your-space>.hf.space/healthz
+curl -s http://localhost:7860/healthz
 ```
 
 ### 2) Single query
 
 ```bash
-curl -s https://<your-space>.hf.space/v1/run \
+curl -s http://localhost:7860/v1/run \
   -H "Content-Type: application/json" \
   -H "Authorization: Bearer $ASA_API_KEY" \
   -d '{
@@ -90,7 +91,7 @@ curl -s https://<your-space>.hf.space/v1/run \
 ### 3) Structured JSON output
 
 ```bash
-curl -s https://<your-space>.hf.space/v1/run \
+curl -s http://localhost:7860/v1/run \
   -H "Content-Type: application/json" \
   -d '{
     "prompt": "Find Marie Curie birth year and nationality. Return JSON.",
@@ -103,7 +104,7 @@ curl -s https://<your-space>.hf.space/v1/run \
 ### 4) Batch query
 
 ```bash
-curl -s https://<your-space>.hf.space/v1/batch \
+curl -s http://localhost:7860/v1/batch \
   -H "Content-Type: application/json" \
   -d '{
     "prompts": [
@@ -179,6 +180,7 @@ R dependency strategy in this image:
 - Core R runtime packages (`plumber`, `jsonlite`, `reticulate`, `remotes`) are installed as binary apt packages (`r-cran-*`), not compiled from CRAN source.
 - This avoids source-compile failures such as `sodium` -> `plumber` install breaks.
 - Runtime linker guardrails are set so `reticulate` prefers conda environment libraries (`/opt/conda/envs/asa_env/lib` and `/opt/conda/lib`) to avoid C++ ABI loader mismatches.
+- Tor is installed in the image and started before the API. If Tor does not become ready, the container exits instead of serving direct search traffic.
 
 Build args:
 
@@ -205,8 +207,44 @@ Then open:
 - `http://localhost:7860/healthz`
 - `http://localhost:7860/`
 
+## Tor Deployment Defaults
+
+The container deploys Tor locally and exports these runtime defaults before starting `plumber`:
+
+- `ASA_PROXY=socks5h://127.0.0.1:9050`
+- `TOR_CONTROL_PORT=9051`
+- `ASA_TOR_CONTROL_COOKIE=/tmp/tor/control.authcookie`
+
+Tor scope is intentionally limited:
+
+- Search and webpage retrieval traffic uses Tor.
+- LLM provider API traffic remains direct, matching upstream `asa` behavior.
+- Browser/Selenium search remains disabled by default.
+
+Startup behavior is fail-closed:
+
+- Tor must answer a probe to `https://check.torproject.org/api/ip` with `IsTor=true`.
+- If the SOCKS proxy, ControlPort, or cookie setup never becomes ready, the container exits non-zero.
+
+`GET /healthz` now includes Tor readiness fields:
+
+- `tor_enabled`
+- `tor_ready`
+- `tor_proxy`
+- `tor_control_port`
+- `tor_cookie_present`
+- `tor_cookie_readable`
+
+You can override the local proxy defaults if needed:
+
+- `ASA_PROXY`
+- `TOR_CONTROL_PORT`
+- `ASA_TOR_CONTROL_COOKIE`
+- `ASA_TOR_PROBE_URL`
+- `ASA_TOR_STARTUP_TIMEOUT_SEC`
+
 ## Notes
 
-- Browser/Selenium tier is disabled by default (`use_browser = FALSE`) for better reliability in Space containers.
+- Browser/Selenium tier is disabled by default (`use_browser = FALSE`) for better reliability in minimal containers.
 - If you want browser tier, set `config.use_browser = true` explicitly per request and ensure supporting binaries are installed.
-- If startup fails with Python import/linker errors (for example `CXXABI_1.3.15 not found`), check Space startup logs and verify `GET /healthz` for `boot_error` details.
+- If startup fails with Python import/linker errors (for example `CXXABI_1.3.15 not found`), inspect container logs and verify `GET /healthz` for `boot_error` details once the service is up.

Tests/example_API_call.R

@@ -2,7 +2,7 @@
 library(httr2)
 library(jsonlite)
 
-base_url <- "https://cjerzak-asa-api.hf.space"
+base_url <- "http://localhost:7860"
 
 resp <- request(paste0(base_url, "/v1/run")) |>
   req_headers(`Content-Type` = "application/json") |>